What’s at risk?
With increased evidence that Russia is preparing for potential retaliation for the sanctions that followed its invasion of Ukraine, organizations need to be extra vigilant. As of the beginning of April 2022, there have been no official reports of a coordinated attack by the Russian government, but it is crucial to take the intelligence community’s warning seriously and prepare. Even if your company is not directly targeted, security incidents affecting critical infrastructure and the supply chain can have secondary effects that negatively impact many businesses at once.
Nation-state-sponsored cyberattacks have characteristics that differ from typical hacking and well-publicized ransomware. These attacks are more sophisticated, exploiting custom zero-day vulnerabilities while avoiding detection and establishing persistence, and they can be highly destructive. Companies of all sizes have a responsibility to prepare and to protect information assets and mission-essential functions. Frequently, these precautions are mandated by law and regulation.
Recommendations / Action plans
The following are steps any organization can implement to protect against and reduce the risks associated with the current threats from Russia. These precautions and the protections they support will also help reduce the risk of ransomware.
Implement multi-factor authentication
- Identify systems with external access, and systems hosted in the cloud
- Enable settings to enforce MFA for each of the environments identified
- Enable MFA on all privileged (admin) accounts
- Monitor authentication activity and create alerts (e.g., enable Azure AD risk-based sign-in protection)
Frequently patch all systems
- Identify and prioritize vulnerabilities
- Patch external critical vulnerabilities daily
- Patch external non-critical and internal critical vulnerabilities weekly
- Patch non-critical systems at least once a month
- Scan systems after patching to validate remediation of vulnerabilities
Reduce your attack surface
- Start with your internet-exposed IP addresses and run a port scan (e.g., with Nmap) to identify open ports and services
- Verify that open ports and services have a legitimate business use
- Block open ports and services that are not required
- Restrict inbound and outbound traffic on public-facing networks and APIs
Secure the cloud
- Ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance
Identify and reduce risks
- Perform weekly external and internal, credentialed and non-credentialed vulnerability scans
- Perform weekly web application scans
- Perform monthly system configuration assessments or benchmark compliance scans
- Perform monthly phishing campaign assessments
- Perform periodic remote penetration tests
- Verify and test offline backups at least quarterly
- Avoid these bad practices
There are many public resources available to assist. Besides the FBI, InfraGard, and IT-ISAC, the US Cybersecurity & Infrastructure Security Agency (CISA) is a great resource for companies across the public and private sectors. CISA’s Shields Up campaign emphasizes that every organization must prepare for, detect, respond to, and mitigate the impact of attacks. Shields Up includes timely updates, guidance for all organizations, recommendations for CEOs and leaders, ransomware response, and even free tools and steps to protect yourself and your family.
Talk to our experts
At EVOTEK, we have seasoned security practitioners and advisors who can help assess specific risks and advise on risk mitigation strategies and tactical steps to counter and respond to cyber threats. Reach out to firstname.lastname@example.org for a consultation.